Adobe, Google and other Patch Tuesday patches

Published: 2013-11-12
Last Updated: 2013-11-14 17:03:00 UTC
by Johannes Ullrich (Version: 1)
6 comment(s)


Adobe published two advisories today:

(Correction: APSB13-25 was released last month, and I have removed it from this diary. Instead, APSB13-27 was added below)

APSB13-26: Security Updates for Flash Player

This update affects the Windows, OS X and Linux versions of Adobe Flash Player 11.9 (11.2 for Linux), as well as Adobe AIR 3.9. The Flash Player vulnerability is assigned a priority of "1" on Windows and OS X, which indicates an exploit has been sighted in the wild, and Adobe recommends patching "as soon as possible" (72 hrs).

Vulnerabilities that are covered by this patch: CVE-2013-5329, CVE-2013-5330.

APSB13-27: Hotfix for ColdFusion

This hotfix affects ColdFusion 9 as well as 10. Adobe assigned it a priority of 1 for ColdFusion 10 and 2 for ColdFusion 9.x. The hotfix patches two vulnerabilities:

1 - A reflective XSS vulnerability in ColdFusion 9/10 (CVE-2013-5326)
2 - An authentication bypass problem in ColdFusion 10 (CVE-2013-5328)

The second vulnerability, which allows unauthorized remote read access, is probably the reason this hotfix is rated "1" for ColdFusion 10.



Google released a new version of Chrome today: Chrome 31. The update includes 25 security fixes. Not exactly a security fix, but still interesting: Chrome 31 improves its SSL cipher support by adding the AES-GCM cipher suites.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

6 comment(s)


I'm confused...

APSB13-25 was released last month and Reader 11.0.05 was released on Oct 8th

Thanks. I fixed the diary. I think this may have happened because APSB13-27 isn't live yet, but listed on the security summary page.
Just something I noticed:
I went to :
clicked on the top link and I get:

looking in Flagfox I see it is a Ukraine IP:
I then went to the top Domain in Adobe then to the downloads page and I get the same thing.
openDNS is my DNS resolver
Since when did Adobe start hosting the Flash downloads in the Ukraine? I'm thinking it could be bogus.

I just refreshed it twice now it shows as USA based Apache NOT JRun in Ukraine....odd stuff seems to be some kind of anycast-announced netblock. So depending where I traceroute from, it would appear to be hosted in Dallas, or Dublin, or ...
Thanks... just seemed odd and after their breach trustworthiness is gone :)
> looking in Flagfox I see it is a Ukraine IP:

I looked at -- that /24 is allocated to ADOBE, as is and

Using NSLOOKUP with the '-debug' option shows a TTL of about 30 seconds for the result, either:




i.e., somewhere in Texas or somewhere in Europe.

Round-robin load-balancing by Adobe's DNS servers?
nameserver =
ttl = 1955 (32 mins 35 secs)
nameserver =
ttl = 1955 (32 mins 35 secs)
nameserver =
ttl = 1955 (32 mins 35 secs)
nameserver =
ttl = 1955 (32 mins 35 secs)
nameserver =
ttl = 1955 (32 mins 35 secs)
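The check the commenters describe above (do the rotating download addresses all sit in netblocks allocated to the vendor, and is the answer TTL short enough to explain the rotation?) can be scripted. This is an added example, not part of the diary or its comments; the hostname, addresses (documentation ranges), TTLs and the allowlist are constructed, and the sample only imitates the `nslookup -debug` record layout.

```python
import ipaddress
import re

# Constructed sample in the style of `nslookup -debug` answer records.
# Hostnames, addresses (RFC 5737 documentation ranges) and TTLs are made up.
SAMPLE = """\
    ANSWERS:
    ->  download.example.com
        internet address = 192.0.2.45
        ttl = 30 (30 secs)
    ->  download.example.com
        internet address = 198.51.100.17
        ttl = 28 (28 secs)
    ->  download.example.com
        internet address = 203.0.113.9
        ttl = 30 (30 secs)
    AUTHORITY RECORDS:
    ->  example.com
        nameserver = ns1.example.com
        ttl = 1955 (32 mins 35 secs)
"""

# Hypothetical allowlist: netblocks that WHOIS shows as allocated to the vendor.
VENDOR_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

ADDR_RE = re.compile(r"internet address = (\S+)")
TTL_RE = re.compile(r"ttl = (\d+)")

def parse_answers(text):
    """Return [(ip, ttl_seconds)], pairing each address with the ttl line after it.
    ttl lines that follow a nameserver record are ignored."""
    records, pending = [], None
    for line in text.splitlines():
        addr, ttl = ADDR_RE.search(line), TTL_RE.search(line)
        if addr:
            pending = ipaddress.ip_address(addr.group(1))
        elif ttl and pending is not None:
            records.append((pending, int(ttl.group(1))))
            pending = None
    return records

def audit(text, nets=VENDOR_NETS, short_ttl=60):
    """Sort answers into in-allocation and unexpected; flag short TTLs (rotation)."""
    report = {"expected": [], "unexpected": [], "short_ttl": False}
    for ip, ttl in parse_answers(text):
        key = "expected" if any(ip in n for n in nets) else "unexpected"
        report[key].append(str(ip))
        if ttl <= short_ttl:
            report["short_ttl"] = True
    return report
```

An address that lands in `unexpected` is the one worth a WHOIS lookup; a geolocation flag by itself says little when the netblock is announced from several locations.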

